Cyber Attack Protections in for an Overdue Update

The FAA recently proposed an equipment, systems, and network information protection regulation. It is intended to standardize cybersecurity threat mitigation procedures. 

With the advanced security features in modern technology, it is hard to believe that flight operations could be outwitted by online attackers. However, the cybercriminal world is more expansive than ever, leaving any individual, company, or even government agency at risk.

“The current trend in airplane design includes an increasing level of integration of airplane, engine, and propeller systems with increased connectivity to internal or external data networks and services,” the FAA noted. This design, as efficient as it may be, puts the aircraft in an extremely vulnerable position.

Current FAA Cybersecurity practices have been in place since 2009. To state the obvious, many technological advancements have occurred since then. New regulations are long overdue, and the FAA’s latest proposal is a start.

The FAA’s rules would regulate the design approval process. Manufacturers would be required to identify, analyze, and mitigate cybersecurity risks in their designs, and introduce Instructions for Continued Airworthiness (ICA) for continued protection. The changes would focus on any and all parts of the aircraft that are susceptible to intentional unauthorized electronic interactions, or IUEI.

To do so, additions and revisions would be made to 14 CFR part 25 (Airworthiness Standards: Transport Category Airplanes), part 33 (Airworthiness Standards: Aircraft Engines), and part 35 (Airworthiness Standards: Propellers).

In implementing the regulation, the FAA hopes to “reduce the costs and time necessary to certify new and changed products” while upholding “the level of safety provided by current Aircraft System Information Security/Protection (ASISP) special conditions.”

The FAA is looking for feedback on the regulations. Comments can be mailed, faxed, hand-delivered, or sent through the Federal eRulemaking Portal by October 21.

FMI: www.faa.gov, www.regulations.gov